Sounds like a bug. olcTLSCipherSuite is in the schema, but you're right, I don't see it turning up. You should file an ITS for this.Does the TLSCipherSuite directive translate to anything in cn=config?
I'm not seeing anything when I convert my slapd.conf file and the server doesn't seem to be interpreting the directive "TLSCipherSuite HIGH:MEDIUM" the way I would expect. That is, to only allow high and medium strength connections while trying to negotiate high-strength first.
-- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc OpenLDAP Core Team http://www.openldap.org/project/